Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortDoog
New Contributor III

Created on ‎09-25-2023 12:26 PM Edited on ‎09-25-2023 12:30 PM

Send automated backups of the configuration from a FortiGate with an automation stich - IP Issue

Regarding this technical note: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-send-automated-backups-of-the-confi...

 

Specifically this section: When the FTP server is known through an IPSec VPN.

 

I´m having an issue with a 100F unit, with 2 vdoms.

 

One vdom (vdom B) actually reaches the backup server with its management ip, this vdom does not have a wan port assigned nor has direct internet connection.

 

But the other vdom (vdom A), this vdom does have a wan port assigned and has direct internet connection and is showing the WAN ip through the ipsec, not the management ip that it has assigned. Is there any way to make it use the management ip or force it?

"Well, hello there"
"Well, hello there"
Labels:
626
0 Kudos
2 REPLIES 2
dbu
Staff
Staff

Created on ‎09-25-2023 02:25 PM

Hello @FortDoog ,

 

Thank you for reaching out . 
As per my understanding it looks like VDOM B is reaching the FTP server internally, and for the other VDOM it is going through the WAN(internet)and this is why it is showing the IPSEC IP address. 
I believe you can play with routing table to force VDOM A to reach the FTP server internally, and not through the WAN interface. 

Please clarify if i miss understood. 

Regards!

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
607
0 Kudos
FortDoog
New Contributor III
In response to dbu

Created on ‎09-25-2023 03:50 PM Edited on ‎09-25-2023 03:52 PM

Hi, thanks for attending my question.

 

No, I poorly redacted my problem.

The 100F unit communicates with a 200F unit in which the FTP server is connected, they have a IPSEC between them.

A graph will help:

Untitled Diagram-Page-5.jpg

 

  • vdomB, has no internet access, correctly shows the management ip (10.0.0.1) when connecting to the ftp server.
  • vdomA, which has houses the wan port, shows the wan ip (as indicated in the technical tip) when connecting to the ftp server.

How come, vdomB shows the management ip and vdomA shows the wan ip instead? how do I make vdomA use or force it to use is management ip?

 

I forgot to mention that I had the same setup working (both vdoms showing the management IP when connecting to the FTP server) on a 300D (ver. 6.4), and when I upgraded to a 100F (ver. 7.4) it stopped working for one of the vdoms only (the one that has the wan port associated).

"Well, hello there"
"Well, hello there"
588
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.